From fde498800c67cdfaf80c8ca643d0791cf9dfc5a1 Mon Sep 17 00:00:00 2001
From: Natalia Strelkova
Date: Thu, 20 Jul 2023 12:14:39 +0200
Subject: [PATCH] optional description attribute in variables
---
modules/net-vpc-swp/README.md | 16 ++++++++--------
modules/net-vpc-swp/main.tf | 12 ++++++------
modules/net-vpc-swp/variables.tf | 7 ++++++-
tests/modules/net_vpc_swp/examples/basic.yaml | 1 +
tests/modules/net_vpc_swp/examples/rules.yaml | 7 +++++++
tests/modules/net_vpc_swp/examples/tls.yaml | 4 ++++
6 files changed, 32 insertions(+), 15 deletions(-)
diff --git a/modules/net-vpc-swp/README.md b/modules/net-vpc-swp/README.md
index 6107d90a1..1ad04189d 100644
--- a/modules/net-vpc-swp/README.md
+++ b/modules/net-vpc-swp/README.md
@@ -173,16 +173,16 @@ module "secure-web-proxy" { | [certificates](variables.tf#L27) | List of certificates to be used for Secure Web Proxy. | list(string) | ✓ | | | [name](variables.tf#L50) | Name of the Secure Web Proxy resource. | string | ✓ | | | [network](variables.tf#L55) | Name of the network the Secure Web Proxy is deployed into. | string | ✓ | | -| [project_id](variables.tf#L116) | Project id of the project that holds the network. | string | ✓ | | -| [region](variables.tf#L121) | Region where resources will be created. | string | ✓ | | -| [subnetwork](variables.tf#L132) | Name of the subnetwork the Secure Web Proxy is deployed into. | string | ✓ | | +| [project_id](variables.tf#L119) | Project id of the project that holds the network. | string | ✓ | | +| [region](variables.tf#L124) | Region where resources will be created. | string | ✓ | | +| [subnetwork](variables.tf#L135) | Name of the subnetwork the Secure Web Proxy is deployed into. | string | ✓ | | | [delete_swg_autogen_router_on_destroy](variables.tf#L32) | Delete automatically provisioned Cloud Router on destroy. | bool | | true | -| [description](variables.tf#L38) | Optional description to add to created resources. | string | | "Managed by Terraform." | +| [description](variables.tf#L38) | Optional description for the SWG. | string | | "Managed by Terraform." | | [labels](variables.tf#L44) | Resource labels. | map(string) | | {} | -| [policy_rules](variables.tf#L60) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | object({…}) | | {} | -| [ports](variables.tf#L110) | Ports to use for Secure Web Proxy. | list(number) | | [443] | -| [scope](variables.tf#L126) | Scope determines how configuration across multiple Gateway instances are merged. | string | | null | -| [tls_inspection_config](variables.tf#L137) | TLS inspection configuration. 
| object({…}) | | null | +| [policy_rules](variables.tf#L60) | List of policy rule definitions, default to allow action. Available keys: secure_tags, url_lists, custom. URL lists that only have values set will be created. | object({…}) | | {} | +| [ports](variables.tf#L113) | Ports to use for Secure Web Proxy. | list(number) | | [443] | +| [scope](variables.tf#L129) | Scope determines how configuration across multiple Gateway instances are merged. | string | | null | +| [tls_inspection_config](variables.tf#L140) | TLS inspection configuration. | object({…}) | | null | ## Outputs diff --git a/modules/net-vpc-swp/main.tf b/modules/net-vpc-swp/main.tf index 92e8542b0..fa65fff8b 100644 --- a/modules/net-vpc-swp/main.tf +++ b/modules/net-vpc-swp/main.tf @@ -23,7 +23,7 @@ resource "google_network_security_gateway_security_policy" "policy" { project = var.project_id name = var.name location = var.region - description = var.description + description = var.tls_inspection_config != null ? var.tls_inspection_config.gateway_description : null tls_inspection_policy = var.tls_inspection_config != null ? google_network_security_tls_inspection_policy.tls-policy.0.id : null } @@ -33,7 +33,7 @@ resource "google_network_security_tls_inspection_policy" "tls-policy" { project = var.project_id name = var.name location = var.region - description = var.description + description = var.tls_inspection_config.tls_description ca_pool = var.tls_inspection_config.ca_pool exclude_public_ca_set = var.tls_inspection_config.exclude_public_ca_set } @@ -44,7 +44,7 @@ resource "google_network_security_gateway_security_policy_rule" "secure_tag_rule project = var.project_id name = each.key location = var.region - description = var.description + description = each.value.description gateway_security_policy = google_network_security_gateway_security_policy.policy.name enabled = each.value.enabled priority = each.value.priority 
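Review bot: The gateway security policy in the first main.tf hunk now takes its description from `var.tls_inspection_config.gateway_description`, so a deployment without TLS inspection gets `description = null` on the policy and has no input to set one, where it previously received `var.description`. The attribute name also reads as if it described the gateway rather than the security policy. Consider falling back to the module-level value, `description = var.tls_inspection_config != null ? var.tls_inspection_config.gateway_description : var.description`, or moving the policy description to its own top-level variable. The matching `gateway_description` attribute is added in the `tls_inspection_config` hunk of variables.tf, and the resource block itself starts above this hunk.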
@@ -63,7 +63,7 @@ resource "google_network_security_url_lists" "url_lists" { project = var.project_id name = each.key location = var.region - description = var.description + description = each.value.description values = each.value.values } @@ -73,7 +73,7 @@ resource "google_network_security_gateway_security_policy_rule" "url_list_rules" project = var.project_id name = each.key location = var.region - description = var.description + description = each.value.description gateway_security_policy = google_network_security_gateway_security_policy.policy.name enabled = each.value.enabled priority = each.value.priority @@ -96,7 +96,7 @@ resource "google_network_security_gateway_security_policy_rule" "custom_rules" { provider = google-beta name = each.key location = var.region - description = var.description + description = each.value.description gateway_security_policy = google_network_security_gateway_security_policy.policy.name enabled = each.value.enabled priority = each.value.priority diff --git a/modules/net-vpc-swp/variables.tf b/modules/net-vpc-swp/variables.tf index 085195b32..fed232e9c 100644 --- a/modules/net-vpc-swp/variables.tf +++ b/modules/net-vpc-swp/variables.tf @@ -36,7 +36,7 @@ variable "delete_swg_autogen_router_on_destroy" { } variable "description" { - description = "Optional description to add to created resources." + description = "Optional description for the SWG." type = string default = "Managed by Terraform." } @@ -68,6 +68,7 @@ variable "policy_rules" { action = optional(string, "ALLOW") enabled = optional(bool, true) tls_inspection_enabled = optional(bool, false) + description = optional(string, "Managed by Terraform.") })), {}) url_lists = optional(map(object({ @@ -79,6 +80,7 @@ variable "policy_rules" { action = optional(string, "ALLOW") enabled = optional(bool, true) tls_inspection_enabled = optional(bool, false) + description = optional(string, "Managed by Terraform.") })), {}) custom = optional(map(object({ 
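Review bot: The new text `Optional description for the SWG.` in the `variable "description"` hunk of variables.tf uses an abbreviation where the neighbouring variable descriptions write out Secure Web Proxy, and it does not say which resource receives the value. After this commit none of the main.tf resources shown in the diff reference `var.description` any more, so it presumably reaches only the gateway resource, which is not visible here. I would spell it out, for example `description = "Optional description for the Secure Web Proxy gateway resource."`, and regenerate the README table row to match.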
@@ -88,6 +90,7 @@ variable "policy_rules" { action = optional(string, "ALLOW") enabled = optional(bool, true) tls_inspection_enabled = optional(bool, false) + description = optional(string, "Managed by Terraform.") })), {}) }) validation { @@ -139,6 +142,8 @@ variable "tls_inspection_config" { type = object({ ca_pool = string exclude_public_ca_set = optional(bool, false) + gateway_description = optional(string, "Managed by Terraform.") + tls_description = optional(string, "Managed by Terraform.") }) default = null } diff --git a/tests/modules/net_vpc_swp/examples/basic.yaml b/tests/modules/net_vpc_swp/examples/basic.yaml index e3c63b539..1b2e357c0 100644 --- a/tests/modules/net_vpc_swp/examples/basic.yaml +++ b/tests/modules/net_vpc_swp/examples/basic.yaml @@ -32,6 +32,7 @@ values: delete_swg_autogen_router_on_destroy: true labels: example: "value" + description: "Managed by Terraform." counts: google_network_security_gateway_security_policy: 1 diff --git a/tests/modules/net_vpc_swp/examples/rules.yaml b/tests/modules/net_vpc_swp/examples/rules.yaml index ee79664f3..d6c0789a8 100644 --- a/tests/modules/net_vpc_swp/examples/rules.yaml +++ b/tests/modules/net_vpc_swp/examples/rules.yaml @@ -30,6 +30,7 @@ values: network: "projects/my-project/global/networks/my-network" subnetwork: "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork" delete_swg_autogen_router_on_destroy: true + description: "Managed by Terraform." module.secure-web-proxy.google_network_security_gateway_security_policy_rule.secure_tag_rules["secure-tag-1"]: project: "my-project" name: "secure-tag-1" @@ -40,6 +41,7 @@ values: application_matcher: null tls_inspection_enabled: false basic_profile: "ALLOW" + description: "Managed by Terraform." module.secure-web-proxy.google_network_security_gateway_security_policy_rule.secure_tag_rules["secure-tag-2"]: project: "my-project" name: "secure-tag-2" 
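Review bot: Every expectation added to basic.yaml, rules.yaml and tls.yaml asserts only the default string `"Managed by Terraform."`, so these tests would still pass if a rule, URL list or TLS inspection policy were wired to the wrong description attribute. No example appears to set a non-default description, and none of the visible hunks asserts the security policy's description when `tls_inspection_config` is unset. Giving one rule in the example behind rules.yaml a distinct value, e.g. `description = "Allow access to the internal mirror"` (constructed sample), and asserting it in the inventory would cover the new inputs. Descriptions on allow and deny rules are what a reviewer reads during a policy audit, so it is worth proving they reach the resource.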
@@ -50,6 +52,7 @@ values: application_matcher: null tls_inspection_enabled: false basic_profile: "ALLOW" + description: "Managed by Terraform." module.secure-web-proxy.google_network_security_gateway_security_policy_rule.url_list_rules["url-list-1"]: project: "my-project" name: "url-list-1" @@ -59,6 +62,7 @@ values: application_matcher: null tls_inspection_enabled: false basic_profile: "ALLOW" + description: "Managed by Terraform." module.secure-web-proxy.google_network_security_gateway_security_policy_rule.url_list_rules["url-list-2"]: project: "my-project" name: "url-list-2" @@ -69,6 +73,7 @@ values: application_matcher: null tls_inspection_enabled: false basic_profile: "ALLOW" + description: "Managed by Terraform." module.secure-web-proxy.google_network_security_gateway_security_policy_rule.custom_rules["custom-rule-1"]: project: "my-project" name: "custom-rule-1" @@ -79,6 +84,7 @@ values: application_matcher: null tls_inspection_enabled: false basic_profile: "DENY" + description: "Managed by Terraform." module.secure-web-proxy.google_network_security_url_lists.url_lists["my-url-list"]: project: "my-project" name: "my-url-list" @@ -86,6 +92,7 @@ values: values: - "www.google.com" - "google.com" + description: "Managed by Terraform." counts: google_network_security_gateway_security_policy: 1 diff --git a/tests/modules/net_vpc_swp/examples/tls.yaml b/tests/modules/net_vpc_swp/examples/tls.yaml index 7d366eef9..039e58f5a 100644 --- a/tests/modules/net_vpc_swp/examples/tls.yaml +++ b/tests/modules/net_vpc_swp/examples/tls.yaml 
@@ -18,11 +18,13 @@ values: name: "secure-web-proxy" project: "my-project" location: "europe-west4" + description: "Managed by Terraform." module.secure-web-proxy.google_network_security_tls_inspection_policy.tls-policy[0]: project: "my-project" name: "secure-web-proxy" location: "europe-west4" exclude_public_ca_set: false + description: "Managed by Terraform." module.secure-web-proxy.google_network_services_gateway.gateway: project: "my-project" name: "secure-web-proxy" @@ -35,6 +37,7 @@ values: network: "projects/my-project/global/networks/my-network" subnetwork: "projects/my-project/regions/europe-west4/subnetworks/my-subnetwork" delete_swg_autogen_router_on_destroy: true + description: "Managed by Terraform." module.secure-web-proxy.google_network_security_gateway_security_policy_rule.custom_rules["custom-rule-1"]: project: "my-project" name: "custom-rule-1" @@ -45,6 +48,7 @@ values: application_matcher: "request.path.contains('generate_204')" tls_inspection_enabled: true basic_profile: "ALLOW" + description: "Managed by Terraform." google_privateca_ca_pool.pool: name: "secure-web-proxy-capool" location: "europe-west4"